
OS Analysis with RegRipper


Shoaib Arshad

39:55

  • os-analysis-regripper.zip
  • 1. Course Overview.mp4
    01:20
  • 1. Introduction to RegRipper.mp4
    07:17
  • 2. General OS Information.mp4
    10:10
  • 3. Analyzing Windows Services.mp4
    07:40
  • 4. Analyzing Registry Run Keys.mp4
    05:27
  • 5. Analyzing USB Device Information.mp4
    06:35
  • 1. Resources.mp4
    01:26
  • Description


    RegRipper is an open-source application for extracting, correlating, and displaying specific information from Windows Registry hive files. In this course, you will learn to detect adversary activity on a Windows host using RegRipper.

    What You'll Learn?


      Windows Registry analysis is a fundamental step during any incident response scenario, as it provides conclusive evidence needed to support or deny any suspicious activity on a Windows system. In this course, you’ll cover how to utilize RegRipper to detect adversary endpoint attack techniques in an enterprise environment. First, you’ll demonstrate the RegRipper plugins, which are a unique approach to Registry analysis. Next, you’ll operate RegRipper to run against various Registry hives using a custom set of plugins. Finally, you’ll analyze the Windows Registry to detect adversary activity on a Windows host. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques using RegRipper: Create or Modify System Process (T1543), Boot or Logon Autostart Execution (T1547), and Exfiltration Over Physical Medium (T1052).

    Shoaib is a Senior Cyber Security Professional currently based in Saudi Arabia. He has more than a decade of experience in the Information Security domain, and worked in various roles such as Security Engineer, Pentester, Forensic Examiner, Incident Handler, IT Auditor and also as a Cyber Security Consultant. His certifications include GCCC, GCFE and Lead Auditor for ISO - 27001/22301/20000. He is also a member of the GIAC Advisory Board. Shoaib is passionate about teaching and finds value in sharing his knowledge by mentoring students and interns. When he is not working, Shoaib likes to spend time with his wife and son. He is also an avid motorcyclist.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 7
    • Duration: 39:55
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/27
